Technology helps us solve problems, but it is vulnerable to several types of threats. Any kind of loss or unavailability could be too dangerous for small and big companies.
So, information security is a key investment. But how do you decide what kind of investment is necessary? First of all, you must know the cost of your business's downtime to protect it against failures.
Planning
A deep investigation of users' access to the Internet, together with your data security needs, will help you start your security policy.
1. What do you want to protect?
2. What are the risks?
3. What parts of your business are relevant?
4. What do your users expect from their computers? What do they need for their jobs?
Defining
Now you can start writing your security policy. The best way to develop a policy is to work from an example policy. You can find several templates of security policies on the Internet. You must define the mission of information security in your company: scope, responsibilities, enforcement, revision. You need a Continuity Plan, which will involve many areas of your company, such as technology, electric power, engineering, staff planning, communication, etc. Your users must know the Security Policy and they need to be trained constantly. Processes must be reviewed on a constant basis, to ensure that you have the latest and most up-to-date version of a solution. Remember that threats and vulnerabilities are continuously evolving.
Implementing
So, you make business decisions and you know how vital it is to safeguard your computer data. Security systems are the execution of those decisions. A good security system starts with meticulous planning and an understanding of the company's business, not with robust hardware and software. Security policies are strategic documents that guide you on security.
If you don't understand your business needs, it will be difficult to implement and configure those security systems. Remember that a firewall security policy cannot exist alone. It must be accompanied by your company board's support, a policy that establishes how to maintain physical security, staff training and awareness, and other specific security controls.
Using
A firewall stands between your protected network and the public Internet. Its main function is to examine traffic coming from the public side to the private side, to make sure it reflects your security policies before permitting that traffic to pass through to your private network.
Two things you must think about when implementing firewalls:
1. Acquire the right firewall for your company. There are lots of firewalls on the market, but without a solid and trustworthy host, your firewall will be worthless.
2. Configure your firewall to meet your security policies. You could create rules that allow your users to access local web servers but that do not prevent employees from accessing local systems such as financial, development and human resources.
When you define a strong security policy that balances your users' needs with your business needs, you will be able to find the right combination of IT resources to implement it. Keep in mind that your firewall's rules come from your business needs.
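An added example, not part of the original article: one way to check that a firewall rule set reflects the policy is to write the policy as testable statements and evaluate each one against the rules. The zone names, addresses, ports, the default-deny behaviour and the two "cannot reach" statements are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan and zone names (assumptions, not from the article).
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "any": "0.0.0.0/0", "staff": "10.0.10.0/24", "web": "10.0.20.0/24",
    "finance": "10.0.30.0/24", "development": "10.0.31.0/24", "hr": "10.0.32.0/24",
}.items()}

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # zone name
    dst: str               # zone name
    port: Optional[int]    # None matches any destination port

# Rule set derived from the policy: first match wins, anything unmatched is denied.
RULES = [
    Rule("allow", "any", "web", 443),
    Rule("allow", "staff", "finance", None),
    Rule("allow", "staff", "development", None),
    Rule("allow", "staff", "hr", None),
]
# Same rules after a careless change: the web rule now allows every port.
LOOSE_RULES = [Rule("allow", "any", "web", None)] + RULES[1:]

# Policy as testable statements: (statement, source, destination, port, expected).
POLICY = [
    ("public visitor reaches web server", "203.0.113.5", "10.0.20.8", 443, "allow"),
    ("employee reaches web server", "10.0.10.15", "10.0.20.8", 443, "allow"),
    ("employee reaches finance system", "10.0.10.15", "10.0.30.4", 8443, "allow"),
    ("employee reaches development system", "10.0.10.15", "10.0.31.9", 22, "allow"),
    ("employee reaches HR system", "10.0.10.15", "10.0.32.7", 443, "allow"),
    ("public visitor cannot reach finance system", "203.0.113.5", "10.0.30.4", 8443, "deny"),
    ("public visitor cannot reach SSH on web server", "203.0.113.5", "10.0.20.8", 22, "deny"),
]

def evaluate(src, dst, port, rules):
    """Return the action of the first matching rule, or "deny" if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ZONES[r.src] and d in ZONES[r.dst] and r.port in (None, port):
            return r.action
    return "deny"

def audit(rules, policy=POLICY):
    """List the policy statements that the rule set does not enforce."""
    return [text for text, s, d, p, want in policy if evaluate(s, d, p, rules) != want]

if __name__ == "__main__":
    print("strict rule set violations:", audit(RULES))
    print("loose rule set violations: ", audit(LOOSE_RULES))
```

Re-running the audit after every rule change shows which policy statement a change has broken, rather than leaving the drift to be found later.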